George V. Hulme

Author Archives: George V. Hulme

The rising security risk of the citizen developer

Shadow IT has always been a challenge for enterprise IT teams, but it accelerated sharply with the growth of the smartphone and then with cloud computing, as the rapid expansion of public cloud infrastructure and software-as-a-service offerings made access to a cloud service as easy as providing a credit card. Today, shadow IT has spread beyond smartphones, tablets, and cloud services and is rapidly extending into the domain of the enterprise developer. The trend could create profound risks for enterprise security teams if these shadow, or citizen, developers aren't reined in.

What makes a good application pen test? Metrics

When it comes to creating secure applications, nothing beats focusing on the basics: secure coding in development and then testing the application for security defects. Part of the testing regime should always include an in-depth application pen test. But how do organizations know they are getting the full benefit from such assessments?

What goes (or should go) into developing application security is well known. Developers should have their code vetted in their development environment. Their code should go through a series of quality and security tests in the development pipeline. Applications should be vetted again right after deployment. And, after all of that, it is still very likely that more vulnerabilities exist in the application that have yet to be uncovered.

The 10 essential Reddits for security pros

Reddit isn't just about viral news stories, viral memes, and heated thread debates, although there is always plenty of that on the sharing and social media site. For security professionals, as well as those interested in pursuing the field of cybersecurity, there is a wealth of advice, content, and conversation, from deep and dirty forensics work to the latest on cyberlaw and everything in between, if you know where to look.

7 (more) security TED Talks you can’t miss

The first list, 10 security TED Talks you can't miss, was so popular we decided to serve another. So here is another batch of must-see security and privacy videos. In this selection you'll find speakers taking on some of the most pressing, and persistent, security and privacy challenges of our time, from how society can fight the war on terror while maintaining the social values we cherish to Bruce Schneier's talk on how hard it is for us to evaluate and understand risk. It's a must-see talk. Well, we think they all are, so enjoy.

Tackling cybersecurity threat information sharing challenges

There's been considerable talk in recent years about the importance of cybersecurity information sharing. After all, few organizations can really work in a vacuum, and no single organization can see all of the threats lying in wait on the internet. Many CISOs also find it helpful to share notes with others in their industry to compare which strategies and practices work best and to compare program maturity levels. But the nearly two-decade effort to share such information hasn't been smooth.

Many organizations are wary of sharing sensitive cybersecurity information, especially with governments. Not only can such information jeopardize the security posture of an organization, it can damage customer impressions of a company and even affect stock values.

How to avoid burnout

Strategy 1: After major incidents, take time for self-rejuvenation

After a significant incident or breach, take the appropriate amount of time to recharge. When things go wrong in this job, and they do, the days are long, stressful, and thankless. But, as with first responders, it's important to take time for oneself, to re-center and recharge after the dust has settled. It's the only way to live to fight another day.

10 security TED Talks you can't miss

We know you're busy, which is why we invested the time to find the 10 security TED Talks that you really can't miss. These talks tackle some of the biggest security challenges of our time, from securing medical devices to how cyber-attacks can threaten world peace. Some are given by security experts you know; others by speakers who may be new to you. Some are recent, others were recorded years ago but are just as (if not more) relevant today. We think you'll be better for having taken the time to listen and consider their messages.

Q&A: Mobile app security should not be an afterthought

As enterprises struggle to keep up with internal demand for mobile apps, more are turning to faster development workflows such as the Minimum Viable Product (MVP) approach, which essentially calls for mobile development teams to focus on the highest return on effort relative to risk when choosing which apps to develop and which features to build into them. That is: focus on the apps and capabilities users are actually going to use, and skip those they won't.

Sounds simple, but what does that mean for security? We know application security is one of the most important aspects of data security, but if software teams are moving more quickly than ever to push apps out, security and quality assurance need to move with them.